Method of implementation of independent risk evaluation and internal control

. Internal control in accordance with international and federal standards is a process that is organized and implemented by the management of an enterprise, its employees and representatives of the owner. Model of development of the internal control system.


Introduction
In the modern economy there are not only the processes of production and circulation, but also issues of organization and management in the foreground. At the same time, great importance is attached to the formation of the internal control system (ICS).
Internal control in accordance with international and federal standards is a process that is organized and implemented by the management of an enterprise, its employees and representatives of the owner. Internal control will allow you to have reliable financial (accounting) statements, which will accelerate the achievement of the goals, aimed at the effectiveness and efficiency of activities within, in accordance with the regulatory acts.
In the framework of international standards, the main elements of the internal control system (ICS) are the main areas of internal control (IC) of activity, both of a separate division and of an enterprise as a whole, the subjects of control with the distribution of powers and responsibilities, monitoring, procedures carried out by these entities within their professional competencies [8].
The goal of an effective internal control system (ICS) is to recognize perceived risks and adequately respond to them.
The concept of risk-based internal control is based on identifying and predicting the level of risk events acceptable for a given enterprise, transferring responsibility for identifying risks and evaluating them to all management levels and all divisions. In order to limit risk events, it is necessary to include all procedures, methods of control in business processes.
The main objectives of achieving the goals of internal control: • executing orders and decisions made by the Board of Directors, the management of the company; • the achievement of strategic objectives in the framework of regulatory acts; • supervising (monitoring) the activity on a permanent basis, identifying changes that require making adjustments to the specified instructions, decisions or acts; • distribution of responsibility, authority and accountability, within their professional competencies; • following the necessary procedures aimed at safekeeping of funds and other valuables, targeted and sparing use of available resources of an enterprise; • compliance of all types of information in the enterprise with the established requirements, including information security requirements; • compliance of the activities and actions of employees of an enterprise with the regulatory acts regulating the activities; • monitoring changes in indicated acts, identifying gaps and contradictions in them (between them); • monitoring of IC, assessment of its adequacy, control of measures to eliminate deficiencies.
In order to determine the quality of the conducted monitoring of the internal control system, it is necessary to know: • If control for taking corrective actions is carried out in the case if violations are detected.
• If government agencies request reports and information on identified deficiencies, violations, errors.
• What actions are taken by the management of an enterprise in terms of correcting deficiencies, violations, errors.
The growing level of risk in a business that may be caused by various changes in the business environment requires constant monitoring, analysis and development of the internal control system.
It is necessary to conduct a SWOT analysis, in order to identify strong and weak points in the business environment, to study the best practices and identify remaining threats, to look for potential opportunities to increase performance efficiency [9]. Staff at all levels and in all functions should know not only the operational, but the strategic goals of an enterprise. It is necessary to use each employee in the process of improving the effectiveness of the control system that will identify the differences between actual and intended results.
Staff at all levels should be trained, have experience that allows for corrective action. Not only management, but also all personnel should know how to plan, create, maintain an effective and realized by optimal resources control mechanism. They should know what balanced production, sales, cost savings, tax cuts and increased operational efficiency are.
You can simulate a five-level system of development of IC, presented in Table1.
Today, Level 3 -"Standardized" functions practically only in large enterprises. In most enterprises, the current assessment of the level of ICS development is not higher than level 2 -"Informal". This means that, as a rule, IC procedures are not standardized, are not effective enough, are sometimes difficult to track, often depend on separate employees, and staff are not trained in internal control issues.
You can see the relationship between the quality of control procedures and the monitoring system for the effectiveness of controls in Figure 2. The internal control system (ICS) is recognized as effective if Level 3 is achieved, and Levels 1 and 2 are generally unacceptable, as they do not provide the execution of the necessary control procedures.
Managers of all departments of an enterprise must establish the procedures of IC, select the main methods of control and record the results of the control. That's why, memos, instructions, methodological recommendations should be developed, additional measures should be taken to improve the qualifications of the staff, and responsible people should be appointed to carry out these activities. A manager is responsible for: • introduction and application of ICS elements in all departments of an enterprise, taking into account the peculiarity of the activities of all departments; • conducting IC within the framework of professional competencies of all structural units at all levels of control; • organizing the identification, assessment of risks and monitoring compliance with the established restrictions in the activities of units; • the right to delegate his/her authority to monitor IC to his/her deputies. He/She ensures regular, full information on the status of the effectiveness of IC; • taking possible measures to eliminate situations of conflict of interests; • the adequacy of the content, relevance, accuracy, availability, integrity of information and the exchange of information for the implementation of IC.
At the same time, it is necessary to understand that an effective and adequate system of internal control is not only the number of people exercising control, the number of inspections conducted or errors found. It must take into account the actions (or inaction) of the management bodies and enterprise owners. It should be included in all business processes of an enterprise, with the goal of timely identifying risks and determining effective control measures to mitigate their impact on the activities of an enterprise.
Monitoring the risk management process is an assessment of the presence and functioning of the components of the risk management process, as well as periodic inspections. It is conducted in the course of current activities and by additional periodic checks. It is a dynamic process, as it changes in course of time.

Level
Explanation Level 1 (unreliable) internal control procedures (IC) are few and unreliable or absent Level 2 (informal) procedures of IC are not standardized, are tracked with difficulty, often depend on separate employees, and staff is not trained in IC issues Level 3 (standardized) ICS work is governed by simple guidelines, the control environment and business processes are documented, control procedures are regularly adapted to risk changes, and personnel training has been conducted. Level 4 (managed) control procedures are constantly adapted to risk changes and are regularly documented based on a standardized procedure. Monitoring of the implementation of control procedures through random checks is regularly carried out and documented. Level 5 (optimized) Risk management and the internal control system (ICS) operate as one integrated system; control procedures are automated. adapted to changing circumstances special tools are used Fig. 3. The risk management process.
An effective system of internal control is aimed at preventing losses and reducing the amount of own funds when current expenditures and expenses exceed revenues or sources of own funds. It also involves monitoring how quantitative and qualitative limits of amount of risks taken by an enterprise are complied, and promptly and accurately informing management about the current state of risk indicators in general and across all departments and business processes. On a regular basis, it is necessary to eliminate the shortcomings of internal control, in order to ensure an increase in the ability of the procedures performed, the identification of all events and situations, the relationships between risks and their causes for evaluating each of them, taking into account the impact on the enterprise's activities. All this requires prompt changes to the organization and the procedure for exercising internal control, in accordance with regulatory and other acts to meet the needs of people authorized to make decisions on the management of the enterprise.